We are a primarily Linux company with a NIS backend, but we keep a couple "bridge boxes" for Windows users (on a Windows PDC) to connect to their unix accounts and access data.

Under Samba 2.2, this was fairly easy with "encrypt passwords = no" turned on. But I can't figure out how to make it work with Samba 3. Does Samba 3 not support a unix passwd backend, or am I just missing a configuration option?

--Andy
I think it's a ./configure option, maybe it's --with-pam_smbpass, but not sure.

regards

On Wed, 11.02.2004 at 22:56, Andy Moran wrote:
> We are a primarily Linux company with a NIS backend, but we keep a
> couple "bridge boxes" for Windows users (on a Windows PDC) to connect to
> their unix accounts and access data.
>
> Under Samba 2.2, this was fairly easy with "encrypt passwords = no"
> turned on. But I can't figure out how to make it work with Samba 3.
> Does Samba 3 not support a unix passwd backend, or am I just missing a
> configuration option?
>
> --Andy
Yeah. I explicitly state "encrypt passwords = no" in the smb.conf file and testparm confirms it. :(

--Andy

daniel.jarboe@custserv.com wrote:
> Does testparm report that encrypt passwords is no? The default has
> changed to yes in samba 3. I don't know if this would affect you, I run
> in security = DOMAIN and haven't done much with security = USER.
>
> ~ Daniel
>
>>-----Original Message-----
>>From: Andy Moran [mailto:andy@wildbrain.com]
>>Sent: Thursday, February 12, 2004 1:58 PM
>>To: samba@lists.samba.org
>>Subject: Re: [Samba] Samba 3 with Unix passwd authentication?
>>
>>Andrew Bartlett wrote:
>> > It should work just the same. But things work better if you can join
>> > the windows domain, so that users can use encrypted passwords (or
>> > maintain a local smbpasswd file)
>> >
>> > Andrew Bartlett
>>
>>Nope.. For some reason, Samba 3 does not seem to be able to authenticate
>>me as a local user where Samba 2.2.7 does.
>>
>>I am on a Red Hat 9 box. I am using the SRPM I downloaded from the
>>ftp.samba.org and rebuilt on this box. The configure options of the
>>SRPM are:
>>
>>CFLAGS="$RPM_OPT_FLAGS $EXTRA" ./configure \
>>    --prefix=%{prefix} \
>>    --localstatedir=/var \
>>    --with-configdir=/etc/samba \
>>    --with-privatedir=/etc/samba \
>>    --with-fhs \
>>    --with-quotas \
>>    --with-smbmount \
>>    --with-pam \
>>    --with-pam_smbpass \
>>    --with-syslog \
>>    --with-utmp \
>>    --with-sambabook=%{prefix}/share/swat/using_samba \
>>    --with-swatdir=%{prefix}/share/swat \
>>    --with-libsmbclient
>>
>>The client error I'm getting back is:
>>session setup failed: NT_STATUS_LOGON_FAILURE
>>
>>The server error I see in the log files:
>>
>>[2004/02/12 10:40:19, 2] auth/pampass.c:smb_pam_auth(514)
>>  smb_pam_auth: PAM: Athentication Error for user andy
>>[2004/02/12 10:40:19, 2] auth/pampass.c:smb_pam_error_handler(73)
>>  smb_pam_error_handler: PAM: Authentication Failure : Authentication failure
>>[2004/02/12 10:40:19, 0] auth/pampass.c:smb_pam_passcheck(810)
>>  smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User andy !
>>
>>There is also a bit where it's checking ntlm_password which fails too:
>>
>>[2004/02/12 10:40:19, 2] auth/auth.c:check_ntlm_password(312)
>>  check_ntlm_password: Authentication for user [andy] -> [andy] FAILED with error NT_STATUS_WRONG_PASSWORD
>>
>>As far as I can tell, /etc/pam.d/samba are the same in both versions..
>>But it works with Samba 2.2.7a. Strange?
>>
>>--Andy
>>
>>--
>>To unsubscribe from this list go to the following URL and read the
>>instructions: http://lists.samba.org/mailman/listinfo/samba
>
> -----------------------------------------------------------------------
>
> This message is the property of Time Inc. or its affiliates. It may be
> legally privileged and/or confidential and is intended only for the use
> of the addressee(s). No addressee should forward, print, copy, or
> otherwise reproduce this message in any manner that would allow it to be
> viewed by any individual not originally listed as a recipient. If the
> reader of this message is not the intended recipient, you are hereby
> notified that any unauthorized disclosure, dissemination, distribution,
> copying or the taking of any action in reliance on the information
> herein is strictly prohibited. If you have received this communication
> in error, please immediately notify the sender and delete this message.
> Thank you.
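
Added example (not part of the thread and not Samba project code): a small Python parser for the smbd log format quoted in the message above. It pairs each header line with its message text and reports, per user, whether the PAM stage rejected the logon and which NT status check_ntlm_password returned. The regexes and function names are this example's own; the sample log is the excerpt from the thread with mail wrapping undone.

```python
import re
from collections import defaultdict

# Log excerpt quoted in the thread (header line, then indented message text).
SAMPLE_LOG = """\
[2004/02/12 10:40:19, 2] auth/pampass.c:smb_pam_auth(514)
  smb_pam_auth: PAM: Athentication Error for user andy
[2004/02/12 10:40:19, 2] auth/pampass.c:smb_pam_error_handler(73)
  smb_pam_error_handler: PAM: Authentication Failure : Authentication failure
[2004/02/12 10:40:19, 0] auth/pampass.c:smb_pam_passcheck(810)
  smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User andy !
[2004/02/12 10:40:19, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password: Authentication for user [andy] -> [andy] FAILED with error NT_STATUS_WRONG_PASSWORD
"""

# "[date time, level] source.c:function(line)"
HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:]+),\s*(?P<level>\d+)\] "
                    r"(?P<src>\S+?):(?P<func>\w+)\((?P<line>\d+)\)$")
PAM_REJECT = re.compile(r"Rejecting User (\S+)")
NTLM_FAIL = re.compile(r"Authentication for user \[(.*?)\] -> \[(.*?)\] FAILED with error (\S+)")

def parse_entries(text):
    """Join each header line with the continuation lines that follow it."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            entries.append({**m.groupdict(), "msg": ""})
        elif entries and line:
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + line).strip()
    return entries

def failed_logons(entries):
    """Per user: did PAM reject the logon, and what NT status ended the attempt."""
    out = defaultdict(lambda: {"pam_rejected": False, "nt_status": None, "when": None})
    for e in entries:
        if e["func"] == "smb_pam_passcheck" and (m := PAM_REJECT.search(e["msg"])):
            out[m.group(1)].update(pam_rejected=True, when=e["ts"])
        elif e["func"] == "check_ntlm_password" and (m := NTLM_FAIL.search(e["msg"])):
            out[m.group(2)].update(nt_status=m.group(3), when=e["ts"])
    return dict(out)

if __name__ == "__main__":
    for user, info in failed_logons(parse_entries(SAMPLE_LOG)).items():
        print(user, info)
```

For the excerpt in the thread, the summary shows that the plaintext password reached PAM and was rejected there, and that the NT_STATUS_WRONG_PASSWORD from check_ntlm_password is the same attempt, not a second one.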
daniel.jarboe@custserv.com
2004-Feb-12 19:48 UTC
[Samba] Samba 3 with Unix passwd authentication?
> Yeah. I explicitly state "encrypt passwords = no" in the smb.conf file
> and testparm confirms it. :(
>
> --Andy

Contents of /etc/pam.d/samba (or wherever it is for you) unchanged?

~ Daniel
Yep. Both use the same pam samba file that looks like this:
#%PAM-1.0
auth required pam_nologin.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
Also, here is my smb.conf file in case someone sees something obvious
that would keep it from using the normal unix password file:
[global]
workgroup = WILDBRAIN.COM
encrypt passwords = no
debug level = 3
log file = /var/log/samba/%m.log
max log size = 500
os level = 0
local master = No
homedir map = auto.people
printing = cups
veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/TheVolumeSettingsFolder/lost+found/
[wb]
comment = Wild Brain Data Path
path = /share
valid users = @user
admin users = @sos
force user = @user
create mask = 0777
force create mode = 0664
directory mask = 0777
force directory mode = 02775
inherit permissions = Yes
read only = no
writeable = yes
--Andy
daniel.jarboe@custserv.com wrote:
>>Yeah. I explicitly state "encrypt passwords = no" in the smb.conf file
>>and testparm confirms it. :(
>>
>>--Andy
>
> Contents of /etc/pam.d/samba (or wherever it is for you) unchanged?
>
> ~ Daniel